package com.echo.center.config;


import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @author chentl
 * @version V1.0
 * @Project WebSecurityConfig
 * @Title WebSecurityConfig.java
 * @Description 安全配置
 * @Package com.echo.auth.config
 * @date 2019/10/24 15:11
 * @Copyright: 上海顺益信息科技有限公司 All rights reserved.
 */
@Slf4j
@EnableOAuth2Sso
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


    /**
     * @return void
     * @author chentl
     * @description 允许匿名访问所有接口 主要是 oauth 接口
     * @date 2019/10/24 15:12
     * @params [http]
     * @since JDK 1.7
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        log.info("=========================Oauth2 资源服务器启动=========================");
        http/*.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                .and()*/
                //请求权限配置
                .authorizeRequests()
                //下面的路径放行，不需要经过认证
                .antMatchers("/user/**").permitAll()
                //OPTIONS 请求不需要鉴权
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                //用户的增删改接口只允许管理员访问
//                .antMatchers(HttpMethod.POST, "/auth/user").hasAnyAuthority(ROLE_ADMIN)
//                .antMatchers(HttpMethod.PUT, "/auth/user").hasAnyAuthority(ROLE_ADMIN)
//                .antMatchers(HttpMethod.DELETE, "/auth/user").hasAnyAuthority(ROLE_ADMIN)
                //获取角色 权限列表接口只允许系统管理员及高级用户访问
//                .antMatchers(HttpMethod.GET, "/auth/role").hasAnyAuthority(ROLE_ADMIN)
                //其余接口没有角色限制，但需要经过认证，只要携带token就可以放行
                .antMatchers("/**").authenticated()
                .anyRequest().authenticated();
    }

}
